/* * Copyright (c)2013-2021 ZeroTier, Inc. * * Use of this software is governed by the Business Source License included * in the LICENSE.TXT file in the project's root directory. * * Change Date: 2026-01-01 * * On the date above, in accordance with the Business Source License, use * of this software will be governed by version 2.0 of the Apache License. */ /****/ package cli import ( "fmt" "zerotier/pkg/zerotier" ) func Help() { fmt.Printf(`ZeroTier Network Hypervisor Service Version %d.%d.%d (c)2013-2021 ZeroTier, Inc. Licensed under the ZeroTier BSL (see LICENSE.txt) Usage: zerotier [-global options] [command args] Global Options: -j Output raw JSON where applicable -p Use alternate base path -t Load secret auth token from a file -T Set secret auth token on command line Common Operations: help Show this help version Print version · status Show node status and configuration · set [option] [value] List all settings (with no args) · port Primary P2P port · secondaryport Secondary P2P port (0 to disable) · blacklist cidr Toggle physical path blacklisting · blacklist if Toggle interface prefix blacklisting · portmap Toggle use of uPnP or NAT-PMP · peer [address] [command] [option] Peer management commands · list List peers · listroots List root peers · show Show peer details · try [...] Try peer at explicit endpoint · network list List VL2 networks · network [command] [option] · show Show network details (default) · set [option] [value] Get or set network options · manageips Is IP management allowed? · manageroutes Is route management allowed? · managedns Allow network to push DNS config · globalips Allow assignment of global IPs? · globalroutes Can global IP space routes be set? · defaultroute Can default route be overridden? · join [-options] Join a virtual network -a Token to submit to controller -c Controller identity or fingerprint · leave Leave a virtual network Advanced Operations: service Start this node (runs until stopped) now [duration] Print current time [-]#[ms|s|m|h] controller [option] · list List networks on controller · new Create a new network · set [setting] [value] Show or modify network settings · members List members of a network · member [setting] [value] Show or modify member level settings · auth
Authorize a peer · deauth
Deauthorize a peer identity [args] new [c25519 | p384] Create identity (default: c25519) getpublic Extract only public part of identity fingerprint Get an identity's fingerprint validate Locally validate an identity sign Sign a file with an identity's key verify Verify a signature locator [args] new [...] Create new signed locator verify Verify locator signature show Show contents of a locator cert [args] · list List certificates at local node · show Show certificate details newsid Create a new subject unique ID newcsr Create a subject CSR sign Sign a CSR to create a certificate verify Verify certificate (not chain) dump Verify and print certificate · import [trust,[trust]] Import certificate into this node trust flag: rootca Certificate is a root CA trust flag: ztrootset ZeroTier root node set · restore Re-import default certificates · export [path] Export a certificate from this node · delete Delete certificate from this node · Command requires a running node and access to a local API token. An
may be specified as a 10-digit short ZeroTier address, a fingerprint containing both an address and a SHA384 hash, or an identity. The latter two options are equivalent in terms of specificity and may be used if stronger security guarantees are desired than those provided by the basic ZeroTier addressing system. Fields of type must be full identities and may be specified either verbatim or as a path to a file. An is a place where a peer may be reached. Currently these are just 'IP/port' format addresses but other types may be added in the future. The 'service' command starts a node. It will run until the node receives an exit signal and is normally not used directly. `,zerotier.CoreVersionMajor, zerotier.CoreVersionMinor, zerotier.CoreVersionRevision) }